You are here

Cyber risk is routinely cited as one of the most important sources of operational risks facing organisations today. Further, in recent years, cyber risk has entered the public conscience through highly publicised events involving affected UK organisations such as TalkTalk, Morrisons and the NHS. Regulators and legislators are increasing their focus on this topic, with GDPR a notable example of this.

Risk actuaries and other risk management professionals at insurance companies need to have a robust assessment of the potential losses stemming from cyber risk that their organisations may face, as part of an overall risk management framework, and to be able to demonstrate this to stakeholders such as regulators and shareholders.

This paper describes a proposed framework to perform such an assessment.